[rspec-users] Where to spec authentication and roles-based permissions?

Matt Wynne matt at mattwynne.net
Fri May 8 08:57:22 EDT 2009

On 8 May 2009, at 10:33, doug livesey wrote:

> Hi -- I'm writing an app that both requires authentication via a  
> logon, and also has roles-based permissions (using acl_system2), and  
> was wondering where to verify that both are happening.
> I've started out putting them in a special cucumber feature for  
> authentication & permissions, but this is becoming a real drag, as  
> I'm writing a scenario for each case (anonymous, lacking  
> permissions, permitted) by each controller action.
> Can anyone advise me on a better way to organise this?

Have you seen Scenario Outlines? I think this is exactly kind of stuff  
that should be surfaced in a Cucumber test, but you need to organise  
your steps to facilitate that. Tools like Scenario Outline really help.

Matt Wynne

More information about the rspec-users mailing list